Issues with Perfmon reporting – Turning ETL into HTML

Recently I came across a problem with Performance Monitor’s reporting functionality in Windows Server 2008 R2. More specifically, reporting with the Active Directory Diagnostics template. A customer was having a hard time with their Domain Controller CPU levels being sustained at or above 90% – initial investigation with our old friend ‘Task Manager’ showed this was LSASS.exe. To add to this, there were no baselines for us to check to see if this was a growing trend, or if this was just a random spike over the last few days.

So, back on topic. I suggested they run the ‘Active Directory Diagnostics’ Data Collector Set.

The customer created a Data Collector Set from a template (http://technet.microsoft.com/en-us/library/cc766318.aspx). It was set up to run for what we thought was going to be a quick 5 minutes, as a quick and dirty diagnostic. Those 5 minutes slowly turned into hours as Performance Monitor tried to create the report with the little CPU time that it was able to get.

The next day, I asked the customer if they could send me the Report.html file. I was quickly told – there is no report.html. Hmmmm… Could there be a scheduled action which has cleaned this up? By default, reports older than 24 weeks will be deleted. After a quick look, it was discovered that this was not the case – the report was less than 1 day old. You can check the rules on your server by right-clicking on the DCS and selecting ‘Data Manager’ > ‘Actions’ tab.

All they had for me were the following files:

| File Size (bytes) | File Name |
|---|---|
| 809,828,352 | Active Directory.etl |
| 7,284 | AD Registry.xml |
| 199,426,048 | NtKernel.etl |
| 7,733,248 | Performance Counter.blg |
| 62,745 | report.xsl |
| 12,047 | summary.txt |

This was a 300 second trace, and the ETL files totaled over 1GB! No wonder this took so long – there is a lot of data.

So, all I had were the associated files, and all I wanted was a nice performance report to send back to the customer without me having to interpret this data manually – after all it is not really practical with ~1GB worth of ETL files. So thanks to a bit of searching I found this article.

“The report generation process may stop responding when you run Perfmon.exe with the Active Directory Diagnostics template to generate a report on a Windows Server 2008-based domain controller.” (http://support.microsoft.com/kb/971714)

Step 4: Locate the files, and then run the following command at the command line on the second Windows Server 2008-based domain controller:

Looking at the command in step 4, it asks for a .tmp file. I don’t have a .tmp file… Yes, I know the DC wasn’t freezing when generating the report, it just didn’t do it – and I didn’t have time to rerun the DCS and find out why.

So, what next you ask? You get all the way here and the above KB is useless…? That’s what I was thinking when I got to this point.

I jumped on another Windows Server 2008 R2 server and kicked off another DCS based on the ‘Active Directory Diagnostics’ template. I looked in the output directory of the DCS and Bingo! There is “RPTE290.tmp”!! I copied this out while the collector was running and fed this .tmp file into the command above, and about 15 hours later I had the report I was after. Did it have the answers to all my problems? Not this time. So, after all this I had an answer for the customer; I just wasn’t able to pinpoint the issue this time with 5 minutes’ worth of data. Hopefully this will be helpful, and the next time someone needs to do this the report has the answer they are looking for.